Symantec Rethinks Firefox vs IE Vulnerabilities

chill writes "Last September security software vendor Symantec issued a report claiming IE had fewer critical flaws than Firefox and thus was more secure. Well, it seem they have now rethought that position. 'How we did it before wasn't a fair comparison,' said Oliver Friedrichs, the senior manager of Symantec's security response group. 'It wasn't an apples to apples comparison.' The key was vendor acknowledged critical vulnerabilities. Thus, if Microsoft (or the Mozilla Foundation) didn't agree it was critical, then it didn't get counted."

OneCare

[ROOK*CA]

I wonder if Symantec's "rethinking" of it's position has anything to do with Microsoft Announcing a Competeing offering (OneCare Live), apparently Symantec will no longer just take Microsofts word whether a suspected flaw is actually a bug/vulnerability or not, Sorry Microsoft that ole "Naw, that's not a vulnerability, it's just an undocumented feature" doesn't look like it's going to fly anymore.

:D

Comment removed

[account_deleted]

Comment removed based on user account deletion

Not too surprising

[enigma48]

My first thought was that this makes perfect sense - now that MS is a competitor of Symantec, they're going to discredit them as much as they can.

But Symantec has known for ages that MS is pushing into their space. Maybe they had a Netscape-esque agreement with Symantec and maybe Symantec found new evidence that convinced them partnering with MS isn't the best way to go?

It *could* be as simple as an upper-management type listening to the feedback the last report got, but I haven't seen an icy weather forecast for Hell today.

(For those who missed the MS Anti-trust days: it was 'alleged' that when MS decided that the 'net was not just a fad and MS needed to throw all their resources into making IE the dominant browser, MS offered not to compete in Mac-space if they left the Windows market quietly. Netscape refused, MS bundled IE with windows, and the rest is history)

Oi norton...

[djsmiley]

StartKeyLogger

another undocmented feature...

ooops, sorry

[yagu]

It seems almost disingenuous to "rethink" this so late. Of course it's more than a little irritating, it directly impacts the perceptions and usage levels of the competing browsers. It's kind of like yelling "fire" in a crowded theater, waiting until the resultant stampede kills many in the theater and then saying, "I'm rethinking this, and it looks as if there is no fire."

Re:OneCare

[ntsucks]

Perhaps the Symantec marketing trolls have embarked on a subtle campaign to undermind the general public's trust in Micro$oft's ability to deliver secure products. Basically a "Who do you trust?" positioning of themselves against OneCare Live. Strange as it may seem Joe Six Pack probably does not have the Slashdot crowd's contempt for Micro$oft's ability to deliver secure products, thus leaving some room for Symantec to discredit them.

Re:imagine that

[Anonymous Coward]

Of course, the two concepts are completely unrelated, when one realizes that lying doesn't occur because the lier decided that lying was NOT in his best interest. Lying occurs because the lier, at the time, decided it would benefit him somehow. In other words, in order to profit. (Profit doesn't have to be measured in raw dollars, but can take the form of anything which an individual considers to benefit him.) Therefore, all lying is an attempt to profit, just like all truth telling is an attempt to profit. (Why would someone tell the truth if they didn't believe it was in their best interest, i.e. for profit?) People do things because they believe, at least at that moment, that those things are in their best interest.

So there is no more connection between lying and profit than truth-telling and profit. D'oh!

Re:So Symantec hates microsoft now??

[Anonymous Coward]

Microsoft has been running the "get the facts" t.otal c.ost of o.wnership ad campaign all over the net. They pay for that, ie, "checks" or "cheques" or "notes du deposite" or however you call them things.

Maker of the worst antivirus software ...

[Anonymous Coward]

Symantec used to make top notch products. When I recently was exposed to their client software again assisting friends, I was shocked to see that they now make the worst security suite. It is just completely unsuable for customers. Their failure to even have their software work with Windows XP SP2 (and letting their customers take the problems such as all programs stop having internet connectivity but their own ...) is evidence that they with their "platform play" is becoming increasingly at odds with Microsoft. If they were able to understand that at least until recently Microsoft have only provided basic functionality to help protect customers (such as the basic firewall and a central place to see security status) and that there is considerable space in which to provide superior technology, I might have believed some of their comments.

The way it stands now, I cannot possibly recommend their products nor their "advice".

Re:Hi Symantec

[babbling]

True. I wonder if this latest admission from Symantec is a response to Microsoft's new (when Vista comes out...) virus/spyware scanner subscription service. Symantec are now competing with Microsoft.

Re:This coming from symantec

[CRC'99]

Whose company products in all my years of computer maintenance have overall caused me more problems than all the malware/viruses they were supposed to be fighting. Thanks for the heads up!

You can say that again. Where I'm working now, "Are you using Norton Internet Security or Anti-Virus?" is about question number 2 on the process for troubleshooting email problem calls. The first one is "What is your email address?". It's a 50/50 decision on if I'd rather taken on the virus/trojan world.......

Re:If you want "browser" safe, go get Opera

[whitehatlurker]

Well, if you want to compare with numbers from a rival company:
Opera 8.x [secunia.com] had 13 flaws, 3 highly severe, 0 extremely severe;
Firefox 1.x [secunia.com] had 27 flaws, 7 highly severe, 1 extremely severe;
MS IE 6.x [secunia.com] had 77 flaws, 22 highly severe, 11 extremely severe.
It's still not apples to apples. (Time periods aren't the same, etc.)

I think the more important thing to note: all of the Opera flaws (to date) are fixed, there are still 2 open in FireFox, and 23 open in MS IE 6.x.

Re:imagine that

[Peaceful_Patriot]

I think there is a big difference between individual integrity and the lawyer and profit driven speak of companies. Of course there is personal honesty. Lots of people choose to tell the truth. Companies, however, tend to view honesty as a relative thing it is and highly subject to the influences of lawyers and shareholders.

I can believe I am going to reply to this but...

[Lightzout]

This has to be the best troll ever. I feel like I am the moth, there is the flame, gonna die, cant turn back now, going in anyway! I think this is funny for two reasons. One symantec has no interest in securing anything but profits and secondly the fact that symantec could make the "news" by publicly admitting something so obvious to most saavy consumers is all the proof I need that the joke is me. Expect Symantec to announce its Firefox browser bundle soon.

Re:Number of bugs means...

[mav[LAG]]

This reminds me of a friend of mine who used to be a professional game tester for an EA dev team near where I live. Although somewhat looked down upon, testers are actually a terribly important part of the game dev process. If you're looking for budget to save, look somewhere else.

Nobody told that to the manager. For the next project my friend was given absolutely nothing to work with - no design docs, no resources, no source code, no debug version, no reporting sheets - zip. Just a crappy PC with - occasionally - the latest build on. All his requests for the basic tools to let him do his job properly went unheeded. So he started filing bug reports via email like this:

To: Developers
Subject: Game is broken - fix it

To: Developers
Subject: Game crashes - needs to be fixed

To: Developers
Subject: Game broken - needs fixing

He was quickly provided with the tools he needed :)

Re:imagine that

[zippthorne]

Wait.. are you using PR version numbers as your basis for comparison?

That's like saying windows 95 is more mature than [linux distro using kernel version 2.6.x] because as anyone can see, 95 > 2.6.